You can use the Active Roles Console or Web Interface to add a picture for a user, group, or contact object. An advantage of using pictures, such as the photographs or logos, is that a picture makes it easier to recognize the user, group, or contact in e-mail clients and web applications that can retrieve the picture from Active Directory. When you supply a picture for a user, group or contact via Active Roles, the picture is saved in the thumbnailPhoto attribute of that user, contact, or group in Active Directory.
Active Roles provides a policy to enforce the picture size limits, including maximum and minimum dimensions and the option to resize the picture automatically. When you add a picture to the user, group, or contact, Active Roles checks the dimensions of the picture, and does not apply the picture in case of policy violation. If automatic picture resizing is enabled, Active Roles reduces the dimensions of the picture as needed by downsampling the original picture.
You can use the following policy options to configure the picture management rules:
-
Controlled property and object type: Specifies the object class and the attribute intended to store the picture. The policy fires upon a request to save a picture in the specified attribute of an object of the specified object class. By default, the policy controls the thumbnailPhoto attribute of the user, contact, or group object class. You can choose a different attribute for each object class separately. For instance, you can configure the policy to control the thumbnailLogo or jpegPhoto user attribute while retaining control of the thumbnailPhoto attribute of groups and contacts.
-
Maximum allowed size, in pixels: Specifies the maximum allowed dimensions of the picture. If the width or height of a given picture is greater than specified by this option, then the policy prevents the picture from being applied. The policy has the option to resample pictures of large size. You can configure the policy so that Active Roles automatically reduces the size of the original picture to meet the policy requirements and then applies the resulting picture.
-
Minimum allowed size, in pixels: Specifies the minimum allowed dimensions of the picture. If the width or height of a given picture is less than specified by this option, then the policy prevents the picture from being applied.
-
Enable automatic picture resizing: Causes Active Roles to resample the pictures whose dimensions exceed the maximum allowed size. If you select this option, Active Roles reduces the dimensions of the picture as appropriate and then applies the resulting picture. Otherwise, Active Roles merely rejects the pictures that are too big.
To view or modify the policy options
-
Open the Active Roles Console.
-
In the Console tree, select Configuration > Policies > Administration > Builtin.
-
In the details pane, double-click Built-in Policy - Picture Management Rules.
-
On the Policies tab in the Properties dialog that appears, click the policy in the list, and then click View/Edit.
-
In the Properties dialog that appears, do the following:
-
On the Controlled Property tab, view or change the object class and attribute to which the policy applies.
-
On the Picture Sizing tab, view or change the policy settings that restrict the size of the picture stored by the controlled property.
-
By default, the built-on Policy Object is applied to the Active Directory node in the Active Roles namespace, so the policy options affect all users, groups and contacts in the managed domains. If you need different policy options for different domains or containers, create a copy of the built-in Policy Object, and then configure and apply the copy as appropriate.